Hi Chris,

Chris Marusich <[email protected]> writes:
> You've both said that you would prefer not to add git-fetch/impure to
> Guix. Can you help me to understand why you feel that way? I really
> think it would be nice if Guix could fetch Git repositories over SSH
> using public key authentication, so I'm hoping that we can talk about it
> and figure out an acceptable way to implement it.

I thought about it some more, and found that I cannot really justify my
position on this, so I hereby drop my objection. It's obviously not
useful for packages that will be included in Guix itself, which is our
primary focus, but I suppose it could be useful for private package
definitions.

What do you think, David? It seems to me that password tokens in URLs
raise possible security risks, whereas public-key authentication is
generally better practice.

Mark